no tcp logs in smoothwall firewall

Guest
Archived from groups: comp.security.firewalls (More info?)

Hi

Through advice from this site I tested Smoothwall 2.0

I deliberately knock against the firewall with telnet or ssh.
All I get is UDP traffic logs of traffic passing by. It is acting
as a sniffer.

What have I configured wrong?
 
Guest

"silvester the putty cat" <someone@tweety.com> wrote in news:newscache$uqdnyh$03j$1@weblab.ucd.ie:

> Hi
>
> Through advice from this site I tested Smoothwall 2.0
>
> I deliberately knock against the firewall with telnet or ssh.
> All I get is UDP traffic logs of traffic passing by. It is acting
> as a sniffer.
>
> What have I configured wrong?

Smoothwall is a lot like IPCop, which is all I know about.
The log will not be generated unless you are coming
from the "RED" side of the wall, as all Green is permitted.
Try going to www.grc.com and doing the "shields up" test.
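
A way to check what the reply above describes, as an added example that is not part of the original thread: summarise the firewall's kernel log by inbound interface and protocol to see whether any TCP drops arriving on RED were recorded. The interface names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: interface roles on this box; check which NIC is RED on yours.
RED_IF, GREEN_IF = "eth1", "eth0"
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample in the netfilter LOG layout (not taken from the thread).
SAMPLE = """\
Jun  1 10:00:01 fw kernel: IN=eth1 OUT= SRC=203.0.113.5 DST=255.255.255.255 LEN=78 PROTO=UDP SPT=137 DPT=137
Jun  1 10:00:04 fw kernel: IN=eth1 OUT= SRC=203.0.113.6 DST=255.255.255.255 LEN=229 PROTO=UDP SPT=138 DPT=138
Jun  1 10:02:10 fw kernel: IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40112 DPT=23 SYN
Jun  1 10:02:15 fw kernel: IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40113 DPT=22 SYN
"""


def parse(line):
    """Return the KEY=value fields of one firewall log line, or None."""
    fields = dict(FIELD.findall(line))
    return fields if "IN" in fields and "PROTO" in fields else None


def summarize(text):
    """Count log entries per (side, protocol)."""
    sides = {RED_IF: "RED", GREEN_IF: "GREEN"}
    counts = Counter()
    for line in text.splitlines():
        f = parse(line)
        if f:
            counts[(sides.get(f["IN"], "other"), f["PROTO"])] += 1
    return counts


def tcp_probes_logged(text, ports=("22", "23")):
    """RED-side TCP entries aimed at the tested ports (ssh, telnet)."""
    hits = []
    for line in text.splitlines():
        f = parse(line)
        if f and f["IN"] == RED_IF and f["PROTO"] == "TCP" and f.get("DPT") in ports:
            hits.append((f["SRC"], int(f["DPT"])))
    return hits


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(key, n)
    print(tcp_probes_logged(SAMPLE) or "no RED-side TCP entries for ssh/telnet")
```

An empty result from `tcp_probes_logged` on a real log, together with only UDP rows in the summary, matches the situation in the question: the test connections never arrived on RED.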
 
Guest

> > Hi
> >
> > Through advice from this site I tested Smoothwall 2.0
> >
> > I deliberately knock against the firewall with telnet or ssh.
> > All I get is UDP traffic logs of traffic passing by. It is acting
> > as a sniffer.
> >
> > What have I configured wrong?
>
> Smoothwall is a lot like IPCop, which is all I know about.
> The log will not be generated unless you are coming
> from the "RED" side of the wall, as all Green is permitted.
> Try going to www.grc.com and doing the "shields up" test.

I have been using Smoothwall for several years now, and so far my network
integrity has not been compromised. The thing just sits there up in my loft
and does the job without me having to do much about it.
The Smoothwall experience has been a good one, the security is tight, and it
is easy to control the traffic. I believe that SmoothWall in its standard
package (free from the net at www.smoothwall.org) gives you adequate
protection.

Depending on how active you want your Smoothie to be, you may also want to
look at some of the Modifications that are available through the Forum
pages. Personally I have installed the following mods:

- "DShield Log Submission & Blocklist" - submission of firewall logs and
pre-emptive blocking of aggressive IPs as reported to DShield.org, which is
found at http://community.smoothwall.org/forum/viewtopic.php?t=6351
This function lets my Smoothwall take advantage of the detection work done by
others and also contribute actively to the identification of malicious
addresses on the networks. The mod does not require any actions from my
side.

- "Snort + Guardian - active firewall", which is found at
http://community.smoothwall.org/forum/viewtopic.php?t=5702
This one makes the www.grc.com test believe that your system is more or less
unplugged from the network. Snort (in its standard version) will detect
that you are being port-scanned and automatically block all further
communication with that site. The addition of Guardian in this manner to a
firewall really takes the security to a new level, as the FW is able to
adapt to the traffic which is detected. I do not have to work with long
lists of addresses that I want to block anymore. I just check the growing
list of addresses where someone has tried to be "smart". To them, my whole
network becomes instantly invisible.

- "Update Snort", which is a natural extension of the modification above. It is
found at http://community.smoothwall.org/forum/viewtopic.php?t=5035
This modification requires that I give a command from the Web interface now
and then just to ensure that I have the latest rules, but it would be a very
small job to add an automatic update function to the SmoothWall. By updating
the rules, the adaptive security behaviour which was added by the Guardian
modification above becomes even better.

Since I have some very active family members on my network and need to have
a stable connection going to servers in the company from my home office, I
have also added a "Traffic shaping" modification, which is found here:
http://community.smoothwall.org/forum/viewtopic.php?t=1817
By juggling the port lists a little bit, all users are now happy and nobody
loses VPN connections due to traffic overload due to Direct Connect, FTPs,
BitTorrents etc.

So, does this mean that I have to spend a lot of time working on my firewall
and keeping a constant watch-out for new modifications etc.? Not in my world.
I have added the functions I found I need, and have just left it running.
The up-time has been determined by two things over the years: 1) the power
supply company and 2) the durability of the old PC HW I use to run this on.

I get two advantages which have been the important factors for me: 1) Good
industry standard protection even here at home, 2) I do not have to worry
about it or tinker all the time, 3) It is free, and runs on old PC HW which
can be found at very low prices.

John Morten

PS. No, I am not part of the SmoothWall company, nor do I program things or
sell this product. I am just very pleased with it and wanted you to hear
about it.
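
The alert-to-block loop described in the post above, sketched as an added example (not Guardian's code and not part of the original post): each Snort alert names a source address, which is blocked for a limited time unless it is on an ignore list. The alert lines, ignore list and time limit are constructed assumptions.

```python
import ipaddress
import re

# Matches the source address in a Snort "fast" alert line.
ALERT = re.compile(
    r"\[\*\*\] \[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.*?) \[\*\*\].*?"
    r"\{(?P<proto>[^}]+)\} (?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? -> "
)

# Assumption: addresses that must never be blocked (own LAN, upstream gateway).
# Without this, one alert with a forged source could cut off your own uplink.
IGNORE = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "198.51.100.1/32")]
TIME_LIMIT = 3600  # seconds a block stays in place (assumed value)

# Constructed (epoch_seconds, alert_line) pairs for illustration.
SAMPLE = [
    (0, "06/01-10:00:00.000000  [**] [122:1:0] (portscan) TCP Portscan [**] "
        "[Priority: 3] {PROTO:255} 203.0.113.9 -> 198.51.100.2"),
    (10, "06/01-10:00:10.000000  [**] [1:1418:11] SNMP request tcp [**] "
         "[Classification: Attempted Information Leak] [Priority: 2] "
         "{TCP} 203.0.113.9:4321 -> 198.51.100.2:161"),
    (20, "06/01-10:00:20.000000  [**] [1:1418:11] SNMP request tcp [**] "
         "[Priority: 2] {TCP} 198.51.100.1:5000 -> 198.51.100.2:161"),
    (30, "truncated or unrelated line"),
    (4000, "06/01-11:06:40.000000  [**] [122:1:0] (portscan) TCP Portscan [**] "
           "[Priority: 3] {PROTO:255} 203.0.113.50 -> 198.51.100.2"),
]


def plan_blocks(events, time_limit=TIME_LIMIT):
    """Return (time, action, ip) tuples for a stream of (epoch, alert_line)."""
    expires, actions = {}, []
    for now, line in events:
        # Lift blocks whose time limit has passed.
        for ip in [i for i, t in expires.items() if t <= now]:
            actions.append((expires.pop(ip), "unblock", ip))
        m = ALERT.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m["src"])
        if any(src in net for net in IGNORE):
            continue  # ignore-listed source: never block
        if m["src"] not in expires:
            actions.append((now, "block", m["src"]))
        expires[m["src"]] = now + time_limit  # repeat alerts extend the block
    return actions


if __name__ == "__main__":
    for action in plan_blocks(SAMPLE):
        print(action)
```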